Please use this Handle URI to cite this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/84622

Full metadata record

| DC field | Value | Language |
|---|---|---|
| dc.contributor.advisor | 黃俊郎(Jiun-Lang Huang) | |
| dc.contributor.author | Tzu-Yuan Wang | en |
| dc.contributor.author | 王子元 | zh_TW |
| dc.date.accessioned | 2023-03-19T22:17:59Z | - |
| dc.date.copyright | 2022-09-26 | |
| dc.date.issued | 2022 | |
| dc.date.submitted | 2022-09-16 | |
| dc.identifier.citation | Y. He, G. Meng, K. Chen, X. Hu, and J. He, “Towards security threats of deep learning systems: A survey,” IEEE Transactions on Software Engineering, 2020. Q. Xiao, K. Li, D. Zhang, and W. Xu, “Security risks in deep learning implementations,” in 2018 IEEE Security and Privacy Workshops (SPW), pp. 123–128, 2018. T. Liu, Z. Liu, Q. Liu, W. Wen, W. Xu, and M. Li, “StegoNet: Turn deep neural network into a stegomalware,” in Annual Computer Security Applications Conference, ACSAC ’20, (New York, NY, USA), pp. 928–938, Association for Computing Machinery, 2020. Z. Wang, C. Liu, and X. Cui, “EvilModel: Hiding malware inside of neural network models,” in 2021 IEEE Symposium on Computers and Communications (ISCC), pp. 1–7, IEEE, 2021. G. Suarez-Tangil, J. E. Tapiador, and P. Peris-López, “Stegomalware: Playing hide and seek with malicious components in smartphone apps,” in Inscrypt, 2014. H. Gholamalinezhad and H. Khosravi, “Pooling methods in deep neural networks, a review,” arXiv preprint arXiv:2009.07485, 2020. B. Jacob, S. Kligys, B. Chen, M. Zhu, M. Tang, A. Howard, H. Adam, and D. Kalenichenko, “Quantization and training of neural networks for efficient integer-arithmetic-only inference,” in Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 2704–2713, 2018. D. McMillen, “Steganography: A safe haven for malware.” https://securityintelligence.com/steganography-a-safe-haven-for-malware/, 2017. D. Neeta, K. Snehal, and D. Jacobs, “Implementation of LSB steganography and its evaluation for various bits,” in 2006 1st International Conference on Digital Information Management, pp. 173–178, 2007. “PyTorch.” https://pytorch.org/. Accessed: 2022-06-29. “TensorFlow.” https://www.tensorflow.org/. Accessed: 2022-06-29. W. Kahan, “IEEE standard 754 for binary floating-point arithmetic,” Lecture Notes on the Status of IEEE, vol. 754, no. 94720-1776, p. 11, 1996. “Insecure deserialization.” https://portswigger.net/web-security/deserialization. Accessed: 2022-06-29. D. Wichers and J. Williams, “OWASP Top-10 2017,” OWASP Foundation, vol. 3, p. 4, 2017. “pickle: Python object serialization.” https://docs.python.org/3/library/pickle.html. Accessed: 2022-06-29. “Scikit-learn.” https://scikit-learn.org/stable/. Accessed: 2022-06-29. “Pickle is a security issue.” https://github.com/pytorch/pytorch/issues/52596. Accessed: 2022-06-29. M. Sandler, A. Howard, M. Zhu, A. Zhmoginov, and L.-C. Chen, “MobileNetV2: Inverted residuals and linear bottlenecks,” in Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 4510–4520, 2018. C. Szegedy, W. Liu, Y. Jia, P. Sermanet, S. Reed, D. Anguelov, D. Erhan, V. Vanhoucke, and A. Rabinovich, “Going deeper with convolutions,” in Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1–9, 2015. K. He, X. Zhang, S. Ren, and J. Sun, “Deep residual learning for image recognition,” in Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770–778, 2016. C. Szegedy, V. Vanhoucke, S. Ioffe, J. Shlens, and Z. Wojna, “Rethinking the inception architecture for computer vision,” in Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 2818–2826, 2016. K. Simonyan and A. Zisserman, “Very deep convolutional networks for large-scale image recognition,” arXiv preprint arXiv:1409.1556, 2014. A. Krizhevsky, “One weird trick for parallelizing convolutional neural networks,” arXiv preprint arXiv:1404.5997, 2014. “Google Colab.” https://colab.research.google.com/. Accessed: 2022-06-29. “torchvision.models.” https://pytorch.org/vision/0.8/models.html/. Accessed: 2022-06-29. “theZoo - a live malware repository.” https://github.com/ytisf/theZoo. Accessed: 2022-06-29. A. Krizhevsky, G. Hinton, et al., “Learning multiple layers of features from tiny images,” 2009. “VirusTotal.” https://www.virustotal.com/. Accessed: 2022-07-26. | |
| dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/84622 | - |
| dc.description.abstract | Deep neural networks (DNNs) are widely used to build artificial intelligence (AI) applications because of their powerful capabilities. However, security problems are emerging at the same time. Hiding malware inside a deep neural network model is one attack surface. Meanwhile, model formats carry insecure deserialization vulnerabilities. Combining these two weaknesses makes a complete attack flow possible. The challenges of such an attack are the embedding rate, the accuracy degradation, and the complexity of the extraction work. Therefore, this thesis provides injecting rules for embedding malware in classification neural network models and proposes a malware injection method that uses those rules. A more comprehensive approach is offered to achieve a high embedding rate, low accuracy degradation, and low-complexity extraction. | zh_TW |
| dc.description.abstract | Deep Neural Networks (DNNs) are widely used to build artificial intelligence (AI) applications due to their powerful features. However, security concerns are emerging. Hiding malware inside the model is an attack surface. At the same time, the model format has an insecure deserialization vulnerability. Combining these two weaknesses can fulfill an attack flow. The challenges in this attack are the embedding rate, accuracy degradation, and extraction effort. Thus, this thesis provides injecting rules for embedding malware in classification neural network models and proposes a malware injection method using those injecting rules. A more comprehensive methodology is offered to achieve a high embedding rate, low accuracy degradation, and lower extraction effort. | en |
| dc.description.provenance | Made available in DSpace on 2023-03-19T22:17:59Z (GMT). No. of bitstreams: 1 U0001-1409202215170900.pdf: 7307265 bytes, checksum: 844d4e3b218e0af79793a3ef2160eb33 (MD5) Previous issue date: 2022 | en |
| dc.description.tableofcontents | Acknowledgements i; Abstract (Chinese) ii; Abstract iii; Chapter 1 Introduction 1; 1.1 Security Risk in Machine Learning System 1; 1.2 Related Works 2; 1.2.1 Steganography and Stegomalware 2; 1.2.2 StegoNet 3; 1.2.3 EvilModel 3; 1.2.4 Pooling 4; 1.2.5 Quantization 4; 1.3 Motivation 4; 1.4 Contribution 5; 1.5 Organization of the Thesis 5; Chapter 2 Preliminaries 6; 2.1 Analysis of a Deep Learning Model 6; 2.1.1 A Neural Network Model 6; 2.1.2 Layers in a Neural Network Model 7; 2.1.3 A Neuron in a Layer 7; 2.1.4 Conclusion 8; 2.2 Insecure Deserialization in Deep Learning System 8; 2.2.1 Serialization and Deserialization 8; 2.2.2 Insecure Deserialization 9; 2.2.3 Insecure Deserialization in Deep Learning System 10; 2.2.4 Conclusion 10; Chapter 3 Proposed Method 11; 3.1 Core Idea: Layer-based Injection 12; 3.1.1 Basic Idea for Layer-based Injection 12; 3.2 Preprocessing 13; 3.2.1 Experiment Setup 14; 3.2.2 Finding Impact of Bi 14; 3.2.3 3 Bytes Injection in Single Layer 15; 3.2.4 Layer Priority for 3 Bytes Injection 16; 3.2.4.1 Type Priority 16; 3.2.4.2 Priority in Same Type of Layers 17; 3.2.5 Injecting Rules 19; 3.3 Malware Injection 20; 3.3.1 Injection Information Generation 20; 3.3.1.1 Priority List Generation 21; 3.3.1.2 The Number of Injected Bytes Determination 22; 3.3.1.3 Injection Information 23; 3.3.2 Malware Injection in Layers and Retrain 24; 3.3.3 Malware-Injected Model 24; Chapter 4 Implementation 25; 4.1 Implementation Setup 25; 4.2 Real Case of Injection Information 26; 4.3 Real Case of Malware Injection in Layers and Retrain 27; 4.4 Payload Addition and Turn into Stegomalware 28; 4.5 Load the Model and Malware is All Set 29; 4.6 Antivirus Check in VirusTotal 30; 4.7 Experiment Result 32; 4.8 Comparison 33; Chapter 5 Conclusion 34; References 35 | |
| dc.language.iso | en | |
| dc.subject | Insecure deserialization | zh_TW |
| dc.subject | Neural network model | zh_TW |
| dc.subject | Deep learning system | zh_TW |
| dc.subject | Malware | zh_TW |
| dc.subject | Stegomalware | zh_TW |
| dc.subject | Deep Learning system | en |
| dc.subject | Insecure Deserialization | en |
| dc.subject | Stegomalware | en |
| dc.subject | Malware | en |
| dc.subject | Neural Network Model | en |
| dc.title | Methodology of Hiding and Executing Malware in a Deep Learning Model | zh_TW |
| dc.title | Methodology of Hiding and Executing Malware in a Deep Learning Model | en |
| dc.type | Thesis | |
| dc.date.schoolyear | 110-2 | |
| dc.description.degree | Master's | |
| dc.contributor.oralexamcommittee | 黃炫倫(Xuan-Lun Huang),周承復(Cheng-Fu Chou),修丕承(Pi-Cheng Hsiu) | |
| dc.subject.keyword | Neural network model, deep learning system, malware, stegomalware, insecure deserialization | zh_TW |
| dc.subject.keyword | Neural Network Model, Deep Learning system, Malware, Stegomalware, Insecure Deserialization | en |
| dc.relation.page | 38 | |
| dc.identifier.doi | 10.6342/NTU202203398 | |
| dc.rights.note | Authorized (public access limited to campus) | |
| dc.date.accepted | 2022-09-19 | |
| dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW |
| dc.contributor.author-dept | Graduate Institute of Electrical Engineering | zh_TW |
| dc.date.embargo-lift | 2022-09-26 | - |
| Appears in collections: | Department of Electrical Engineering | |

Files in this item:

| File | Size | Format |
|---|---|---|
| U0001-1409202215170900.pdf (access restricted to NTU campus IP addresses; from off campus, use the VPN remote-access service) | 7.14 MB | Adobe PDF |

Items in the system are protected by copyright, with all rights reserved, unless otherwise indicated.
